kind: Pod
apiVersion: v1
metadata:
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
    k8s-app: chrony
  name: chrony
  namespace: kube-system
spec:
  hostNetwork: true
  dnsPolicy: ClusterFirstWithHostNet
  priorityClassName: system-cluster-critical
  containers:
  - name: chrony
    image: {{ chrony_image }}
    env:
    - name: NTP_SERVER
{% if inventory_hostname == groups['etcd'][0] %}
      value: {{ ntp_server }}
{% else %}
      value: {% if hostvars[inventory_hostname]['ansible_host'] is defined %}{{ hostvars[groups['etcd'][0]]['ansible_host'] }}{% else %}{{ groups['etcd'][0] }}{% endif %}

{% endif %}
    - name: ALLOW_CIDR
      value: 0.0.0.0/0
    - name: SYNC_RTC
      value: 'true'
    livenessProbe:
      exec:
        command:
        - chronyc
        - tracking
      initialDelaySeconds: 30
      periodSeconds: 60
      timeoutSeconds: 5
    volumeMounts:
    - name: tz-config
      mountPath: /etc/localtime
      readOnly: true
    - name: tzdata-config
      mountPath: /etc/timezone
      readOnly: true
    securityContext:
      capabilities:
        add:
        - SYS_TIME
  volumes:
  - name: tz-config
    hostPath:
      path: /etc/localtime
  - name: tzdata-config
    hostPath:
      path: /etc/timezone
